
How To Spot A Phish: Don't Fall for These 5 Phishing Emails

Phishing simulator data from Kaspersky shows that workers tend not to notice phishing attempts hidden in emails about corporate issues and delivery problem notifications. One in five (16% to 18%) employees click the link in the phishing simulation emails that imitate these phishing attacks. According to estimates, 91% of all cyberattacks begin with a phishing email, and phishing techniques are involved in 32% of all successful data breaches.

According to recent phishing simulation campaigns, the five most effective types of phishing email are:

  1. Subject: Failed delivery attempt - Unfortunately, our courier was unable to deliver your item. Sender: Mail delivery service. Click conversion: 18.5%
  2. Subject: Emails not delivered due to overloaded mail servers. Sender: The Google support team. Click conversion: 18%
  3. Subject: Online employee survey: What would you improve about working at the company. Sender: HR Department. Click conversion: 18%
  4. Subject: Reminder: New company-wide dress code. Sender: Human Resources. Click conversion: 17.5%
  5. Subject: Attention all employees: new building evacuation plan. Sender: Safety Department. Click conversion: 16%

Other phishing emails that gained a significant number of clicks include reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).

By contrast, emails that threaten the recipient or offer instant benefits appeared to be less “successful.” A template with the subject “I hacked your computer and know your search history” gained 2% of clicks, while offers for free Netflix and $1,000 by clicking a link tricked just 1% of employees.


To prevent data breaches (and any related financial and reputational losses caused by phishing attacks), businesses should remind employees about the basic signs of a phishing email. Employees should:

  • Keep an eye out for a dramatic subject line, mistakes and typos, inconsistent sender addresses and suspicious links.
  • Check the format of attachments before opening them and the link accuracy before clicking. This can be achieved by hovering over these elements.
  • Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email.
  • Educate employees with basic cybersecurity knowledge. Your employees are your first line of defense, and teaching them how to deal with threats is of utmost importance.
  • Learn how ThreatAdvice can help. Reach out today!